One of the ColdFusion bugs, however, was reported by Alex Holden of Hold Security; Holden is one of the experts who uncovered the data lost in the Adobe breach along with blogger Brian Krebs. Krebs reported today that one of the now-patched ColdFusion bugs was a zero-day being used by attackers earlier this year to break into a number of companies.

The security hotfix for ColdFusion 10 on Windows is the most critical, according to Adobe. The vulnerability affects versions 10, 9.0.2, 9.0.1 and 9.0, as well as Mac OS X and Linux. Adobe said a cross-site scripting vulnerability was patched that could be remotely exploited by an attacker with credentials when the CFIDE directory is exposed. The other bug could permit unauthorized remote read access, Adobe said.

Adobe also updated Flash Player to version 11.9.900.117 for Windows and Mac OS X, and 11.2.202.310 for Linux. The patches fix flaws that could crash the Flash Player and enable an attacker to remotely take control of the underlying system hosting the software.

Both products have been patched multiple times this year. ColdFusion is of particular interest because of its involvement in the massive October breach. The attackers were able to access source code for ColdFusion, along with Acrobat, Publisher, Photoshop and other Adobe products. More than 150 million customer records were also accessed, including unsalted passwords.

ColdFusion has been patched several times by Adobe this year, going as far back as Jan. 4, when the company reported that ColdFusion exploits were in the wild for unpatched vulnerabilities in the software. Since then, vulnerabilities were patched in the software in May, weeks after cloud-hosting company Linode revealed it had been breached by attackers using a ColdFusion zero-day and that customer records, including payment card information, were lost. Previously, on Dec. 11, Adobe patched a sandbox permissions flaw in ColdFusion, weeks after an out-of-band patch resolved a denial-of-service vulnerability.
